Event ID 1104 — Security Channel Configuration
Applies To: Windows Server 2008
This event is related to the Security log configuration, including the maximum size of the log file and the behavior for handling the event log full condition.
Event Details
| Product: | Windows Operating System |
| ID: | 1104 |
| Source: | Microsoft-Windows-Eventlog |
| Version: | 6.0 |
| Symbolic Name: | EVENT_AUDIT_LOG_FULL |
| Message: | The security log is now full. |
Resolve
Configure the event log full condition
Event 1103 is a warning that indicates that the log is reaching its maximum capacity. Event 1104 indicates that the maximum capacity has been reached. The log configuration includes a setting that determines how the event log full condition is handled automatically.
If the log is set to Overwrite events as required (retention is set to false on the command line), the log automatically recovers from the log full condition by overwriting the oldest events with new events.
If the log is set to Archive the log when full, do not overwrite events (retention is set to true, autoBackup is set to true on the command line), the log automatically recovers from the log full condition by copying the full log into a file whose name is based on the date that the file was created.
If the log is set to Do not overwrite events (retention is set to true, autoBackup is set to false on the command line), the log must be cleared manually. To do this, right-click the log entry in the Event Viewer and select Clear Log, or run the following command from a command prompt that is run with administrator privileges (right-click the command prompt executable and select Run as administrator):
wevtutil cl Security
Verify
Use the Event Viewer to read the Security log on the local computer and find the latest event 1103 or 1104. These events must be followed by event 1105 or 1102 to indicate that the condition is cleared and the Security log is accepting events.
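The configuration check from the Resolve section and the Verify step can also be scripted. The following PowerShell is an added example, not part of the original article; it assumes PowerShell 2.0 or later, an elevated prompt, and that `wevtutil gl Security` prints the `retention`, `autoBackup` and `maxSize` settings as `name: value` lines.

```powershell
# Added example: report the Security log full-handling mode and check
# whether the latest 1103/1104 was followed by 1105 or 1102.

# 1. Parse "name: value" lines from the log configuration.
$cfg = @{}
foreach ($line in (wevtutil gl Security)) {
    if ($line -match '^\s*(\w+):\s*(.*)$') { $cfg[$Matches[1]] = $Matches[2].Trim() }
}
$retention  = $cfg['retention']  -eq 'true'
$autoBackup = $cfg['autoBackup'] -eq 'true'

# Map retention/autoBackup to the three modes described in Resolve.
$mode = if (-not $retention) {
    'Overwrite events as required'
} elseif ($autoBackup) {
    'Archive the log when full, do not overwrite events'
} else {
    'Do not overwrite events (manual clear required when full)'
}
"Security log mode: $mode (maxSize = $($cfg['maxSize']) bytes)"

# 2. Collect the relevant events, newest first.
$events = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 1102, 1103, 1104, 1105 } `
              -ErrorAction SilentlyContinue |
          Sort-Object TimeCreated -Descending

# Latest "reaching capacity" (1103) or "log full" (1104) event.
$lastFull = $events | Where-Object { 1103, 1104 -contains $_.Id } | Select-Object -First 1

if (-not $lastFull) {
    'No event 1103 or 1104 found in the Security log.'
} else {
    # A later 1105 or 1102 indicates the condition is cleared.
    $cleared = $events |
        Where-Object { (1102, 1105 -contains $_.Id) -and ($_.TimeCreated -gt $lastFull.TimeCreated) } |
        Select-Object -First 1
    if ($cleared) {
        "Event $($lastFull.Id) at $($lastFull.TimeCreated) was followed by event $($cleared.Id) at $($cleared.TimeCreated)."
    } else {
        "Event $($lastFull.Id) at $($lastFull.TimeCreated) has no later 1105 or 1102; the log full condition may still be in effect."
    }
}
```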